Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402215.roa
File:                     AS402215.roa (raw, json)
Hash identifier:          x+hGHtmEAPwvXVRtrD3qC/g1vCDTd7iiThEcyJYSuno=
Subject key identifier:   67:7F:F8:11:97:1C:F9:A4:47:DD:5E:F6:62:85:78:58:2C:9B:0B:E9
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       6CC6E96C7F13DB1C21945B884120789B53E927BC
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402215.roa
Signing time:             Thu 16 Apr 2026 06:53:52 +0000
ROA not before:           Thu 16 Apr 2026 06:48:52 +0000
ROA not after:            Thu 15 Apr 2027 06:53:52 +0000
asID:                     402215
IP address blocks:        212.60.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:c6:e9:6c:7f:13:db:1c:21:94:5b:88:41:20:78:9b:53:e9:27:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Apr 16 06:48:52 2026 GMT
            Not After : Apr 15 06:53:52 2027 GMT
        Subject: CN=677FF811971CF9A447DD5EF6628578582C9B0BE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:46:4d:14:c6:cb:b5:8f:b4:ec:7c:de:8e:56:
                    f4:9e:cb:b5:63:76:f3:14:42:f2:b4:83:4c:bd:54:
                    a8:13:b5:e9:ee:09:cd:7e:eb:fd:60:35:80:92:2b:
                    54:7c:65:4d:35:c6:0e:a4:b7:9b:84:32:55:65:02:
                    e9:e3:55:f3:d5:85:ec:ef:63:ab:5d:da:fa:16:4e:
                    94:1a:a8:98:d6:8f:7b:3a:8a:5c:33:a9:6c:28:4c:
                    6e:0f:eb:3e:81:3b:80:50:e4:43:26:cd:7b:0d:94:
                    b0:62:d8:28:09:9f:23:c4:f3:34:07:15:86:31:7a:
                    42:2d:bc:d0:55:1c:1a:40:a1:9c:2a:b1:dd:56:fb:
                    01:ec:c0:7f:cf:9c:53:c7:5d:1c:74:a2:c6:16:dd:
                    47:1f:7f:49:e0:c9:20:41:70:28:3e:77:45:f2:de:
                    68:c8:f4:c8:c4:b3:d0:fd:49:b4:b4:28:a4:dd:70:
                    d2:92:2f:fe:bf:e7:86:93:5a:91:d4:8e:66:2f:ba:
                    ae:21:bb:40:bc:45:40:09:21:8e:ea:76:bf:8e:58:
                    88:41:1d:d9:7d:03:f0:64:ab:bf:74:44:c6:4d:8c:
                    2d:1c:a7:0e:f4:88:a0:35:57:8b:99:b0:38:10:e2:
                    82:11:2d:80:80:4c:d8:15:ed:ee:f0:35:bc:19:2c:
                    28:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:7F:F8:11:97:1C:F9:A4:47:DD:5E:F6:62:85:78:58:2C:9B:0B:E9
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:c9:c8:b7:af:8b:e5:c7:b9:20:fe:65:33:f4:34:cb:ee:25:
         41:a0:fe:42:b4:2e:2e:71:ac:5e:19:48:82:fc:9c:fd:04:0c:
         22:5f:6b:cb:a7:52:91:e3:5b:ec:7e:02:f1:f8:c4:3f:44:de:
         23:94:8a:af:eb:1a:bd:01:da:85:e2:0b:99:48:69:9f:d0:8f:
         98:8b:81:66:84:ee:15:d1:bf:83:99:82:b0:68:b4:bd:38:7f:
         1e:1b:9a:54:26:c6:d4:e2:71:2c:c8:85:c7:55:a7:a4:39:b7:
         39:a8:9e:24:71:21:00:ec:85:d1:07:4b:af:e3:15:09:37:eb:
         2f:31:01:f3:26:ff:4e:eb:fe:ce:b4:b9:a6:2e:ba:30:83:d7:
         44:c3:6d:53:e6:db:03:f9:4b:51:90:c3:93:e3:46:b8:87:dc:
         30:8a:8d:32:54:06:6e:7e:33:29:e8:20:89:9d:6f:7e:4d:c4:
         1c:0b:e6:f4:b6:af:68:a9:03:9d:d1:38:7e:72:b3:ac:6f:62:
         43:37:ac:e0:25:3a:e1:f0:ca:54:84:d5:e7:16:78:6f:cf:1f:
         30:47:18:f5:77:89:f0:a7:54:2f:fb:24:c6:2a:1c:eb:b0:66:
         83:04:71:ae:cf:74:91:3b:17:50:b3:d5:0c:5f:df:3d:cd:69:
         55:84:72:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbMbpbH8T2xwhlFuIQSB4m1PpJ7wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA0MTYwNjQ4NTJaFw0yNzA0MTUwNjUzNTJaMDMxMTAvBgNV
BAMTKDY3N0ZGODExOTcxQ0Y5QTQ0N0RENUVGNjYyODU3ODU4MkM5QjBCRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkRk0Uxsu1j7TsfN6OVvSey7Vj
dvMUQvK0g0y9VKgTtenuCc1+6/1gNYCSK1R8ZU01xg6kt5uEMlVlAunjVfPVhezv
Y6td2voWTpQaqJjWj3s6ilwzqWwoTG4P6z6BO4BQ5EMmzXsNlLBi2CgJnyPE8zQH
FYYxekItvNBVHBpAoZwqsd1W+wHswH/PnFPHXRx0osYW3Ucff0ngySBBcCg+d0Xy
3mjI9MjEs9D9SbS0KKTdcNKSL/6/54aTWpHUjmYvuq4hu0C8RUAJIY7qdr+OWIhB
Hdl9A/Bkq790RMZNjC0cpw70iKA1V4uZsDgQ4oIRLYCATNgV7e7wNbwZLChRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZ3/4EZcc+aRH3V72YoV4WCybC+kwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTNDAyMjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DyS
MA0GCSqGSIb3DQEBCwUAA4IBAQBxyci3r4vlx7kg/mUz9DTL7iVBoP5CtC4ucaxe
GUiC/Jz9BAwiX2vLp1KR41vsfgLx+MQ/RN4jlIqv6xq9AdqF4guZSGmf0I+Yi4Fm
hO4V0b+DmYKwaLS9OH8eG5pUJsbU4nEsyIXHVaekObc5qJ4kcSEA7IXRB0uv4xUJ
N+svMQHzJv9O6/7OtLmmLrowg9dEw21T5tsD+UtRkMOT40a4h9wwio0yVAZufjMp
6CCJnW9+TcQcC+b0tq9oqQOd0Th+crOsb2JDN6zgJTrh8MpUhNXnFnhvzx8wRxj1
d4nwp1Qv+yTGKhzrsGaDBHGuz3SROxdQs9UMX989zWlVhHIq
-----END CERTIFICATE-----